Over the past 12 months, many in the industry have had cyber-attacks which have been extremely painful for those concerned and have put fear into many others. For the directors of any group or dealerships, it is very difficult to understand how safe your own organisation is when you do not have any qualifications in this area.
As a data company, we have learned many lessons over the years that I think are worth sharing. In the early years, we got PwC to assess our security match fitness and it was very clear then that best intentions were no substitute for a myriad of security controls to protect the company. We agreed at that point that we would go for an ISO27001 certification that is audited every 6 months by an external examiner to give the Board that reassurance that our controls are indeed fit for purpose and being layered up all the time. We appointed an external CISO and put in place over 12 months all of the necessary controls to achieve certification. For us, it was one of the best things we ever did, we did not lose our agility, but we work in a very safe environment and we can sleep better at night. For a dealer group, it would be a good thing to do to get certified and get assurance from external structured audits.
The steps involved are:
This is not a massively expensive process and is one that will protect you for many years to come. Life will be easier too if you only use or prefer ISO27001-certified suppliers.
Finally, one word on a risk that you may not have thought about: availability of data and information is just as important as protecting sensitive data, this includes access to your data in your DMS and other systems. Before you renew any of the contracts with software suppliers make sure that you have a good understanding of how you or your subcontractors can access your own data, and at what cost. It is your data and not having access will either layer on a lot of hidden costs or reduce your competitiveness in a way that may not be apparent until it’s too late. Feel free to chat with us if we can help in any way on the topics above.
John Hogan is the CEO and Chief Data Scientist at Real World Analytics (RWA). RWA helps dealer groups become more efficient with actionable drillable dashboards and reports. Visit realworldanalytics.com/automotive/our-solutions for all our solutions, or check out our customer stories. If you want to find out how we can help you drive your dealer business forward, contact us or email auto@realworldanalytics.com
This article is previously published in Auto Retail Bulletin
Interested to learn more?
Interested to learn more?